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Case Study: 2 


ProseWare Inc. 

Background 

ProseWare, Inc.is a software company that specializes in developing smartphone apps that 
work on multiple platforms. The main office for the company is located in Atlanta. The 
company has branch offices in Tokyo and Paris. 

The company recently published a new game. The game has sold over 10 million copies in 
the first year. In the same period, 25 million copies of the free version of the game were 
downloaded. ProseWare also developed a user productivity app named MyNotesPro. 
Employees 

Due to the massive demand for the game and for potential new versions and features, 
ProseWare plans to increase their staff from 100 to 1,000 employees. The employees will be 
evenly distributed between the three locations. Each employee will have a tablet device that 
runs Windows 10. 

ProseWare plans to connect all offices together by using high-speed internet links. Each 
employee will be issued a smartphone that runs Apple iOS, Android, or Windows 10. The 
quality assurance (QA) department includes 50 employees. Each QA department employee 
will be issued three smartphone devices, one device for each of the operating systems. 
ProseWare uses Microsoft Intune to manage devices. The company has joined the Apple 
Device Enrollment program. 

Current environment 

You create a virtual machine (VM) named RemApp1 in Microsoft Azure by using the 
Windows Server Remote Desktop Session Host gallery image. Users in the Training 
department connect to the VM and run several training apps. 

You have a file server named FILERO1 that runs Windows Server 2012 R2. 

In Azure, you create a virtual network and a DNS record. You implement directory 
synchronization between the on-premises domain and Azure. 

You have purchased Remote Desktop Services Client Access Licenses. 

Business Requirements 

All employees will be given access to a suite of ProseWare premium apps that includes 
MyNotesPro. You must provide access to the apps by using Azure RemoteApp. 

The Atlanta corporate headquarters performs training on a weekly basis for all Tokyo and 
Paris employees. The training is conducted by using Microsoft Skype for Business on 
Windows 10 Enterprise devices. You configure the devices to display content in the 
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respective language for the location. Some of the trainers in Atlanta speak Japanese or 
French. 
The Chief Technology Officer requires the following reports: 


A list of all jailbroken devices. 


A list of all software that is installed on devices in the organization. 
The list must include software versions. 
A comparison of installed software on devices in the organization with 


the current license agreement. 


Technical Requirements 

Employees must be able to download and install the appropriate RemoteApp client for their 
specific mobile device. The procedure for installing RemoteApp clients differs for each 
mobile operating system. All users must have access to the Azure RemoteApp infrastructure 
on their mobile devices in order to access the ProseWare premium apps. 

All apps must be centrally managed and updated. You must ensure that the apps are available 
to all employees. Employees must install all apps from a common source location. The 
ProseWare apps must only be installed on employee devices. 

You must import RemApp!1 into the Azure RemoteApp Template Image Library. RemApp1 
will host the Proseware premium apps. 

Some of the apps must be able to access data kept in the on-premises servers at the Atlanta 
office. 

You must design a Work Folders solution on a FILERO1. You have the following 
requirements: 


*You must encrypt all data that is synchronized. 
*You must synchronize settings every 60 minutes. 


*You must restrict the size of each file that is synchronized to 5 gigabytes. 


Question: 1 


DRAG DROP 

You need to test the ProseWare MyNotesPro app. 

Which three actions should you perform in sequence? To answer, move the appropriate actions from 
the list of actions to the answer area and arrange them in the correct order. 
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Actions Answer Area 


r 7 
| 


| Install the Intune Software Publisher 
— and add an app. 


| TE 
Select MyNotesPro from the list of apps 
and launch the app. 


with ProseWare\administrator domain 
credentials. 


l - 
Sign in to the RDWeb website by using © 


Navigate to default Remote Desktop 
Session collection. 


Sign in to the Intune Admin Console by 
using ProseWare\administrator domain 
credentials. 
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Actions Answer Area 
Sign in to the RDWeb website by usin 
ua, iad Publisher with ProseWare\administrator omaine 


f credentials. 


| Navigate to default Remote Desktop 
. Select MyNotesPro from the list of apps 
d beunth the app. pp Session collection. 
le ; ; ‘Select MyNotesPro from the list of apps 
Sign in to the RDWeb website by usin 
with ProseWare\administrator ma and launch the app. 


credentials. | 


L — ~ 


Navigate to default Remote Desktop 
Session collection. 


‘Sign in to the Intune Admin Console by 
using ProseWare\administrator domain 
credentials. 


Question: 2 


DRAG DROP 

You receive the following error message when you attempt to open a Remote Desktop Protocol 
(RDP) file to make a connection: “The remote session was disconnected because there are no 
Remote Desktop License Servers available to provide a license. Please contact the server 
administrator.” 

You need to use the RDP file to sign into the virtual machine as administrator and then fix the issue. 
In which order should you perform the actions? To answer, move all actions from the list of actions to 
the answer area and arrange them in the correct order. 
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Answer Area 


Actions Sequence 


Use the RDP file to connect to the 
virtual machine in the Remote Desktop 
Connection. Sign in as an | 
administrator. | 


In Server Manager, under Remote 
Desktop Services, for the virtual 
machine server name open RD 
Licensing Manager. 


licensing server role on the virtual 
machine. 


‘Deploy the Remote Desktop Services © 


n 


‘In the RD Licensing Manager, activate | 
the server. Fill out properties as 
| required. 


Open the RDP file in Notepad. 
Add/admin at the end of the address 
line. Save the file. 


© © 


Answer: 
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Actions 


Use the RDP file to connect to the 
virtual machine in the Remote Desktop 
Connection. Sign in as an 
administrator. 


In Server Manager, under Remote 
Desktop Services, for the virtual 
machine server name open RD 
Licensing Manager. 


Deploy the Remote Desktop Services 
licensing server role on the virtual 
machine. 


In the RD Licensing Manager, activate 
the server. Fill out properties as 
required. 
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Answer Area 


© 
© 


Open the RDP file in Notepad. 
Add/admin at the end of the address 
line. Save the file. 


Use the RDP file to connect to the 
virtual machine in the Remote Desktop 
Connection. Sign in as an 
administrator. 


Deploy the Remote Desktop Services 
licensing server role on the virtual 
machine. 


In Server Manager, under Remote 
Desktop Services, for the virtual 
machine server name open RD 
Licensing Manager. 


In the RD Licensing Manager, activate 
the server. Fill out properties as 
required. 


© © 


Question: 3 


You need to create the policy for the Tokyo branch office. 
What should you use? 


A. Azure Active Directory Device Registration Service 
B. System Center 2012 R2 Configuration Manager SP1 
C. Intune 

D. Azure Active Directory 

E. Azure Active Directory Domain Services 


Answer: C 
Explanation: 
References: 
https://docs.microsoft.com/en-us/intune/deploy-use/introduction-to-device-compliance-policies-in- 


microsoft-intune 


Question: 4 


You need to import RemApp1 into the Azure RemoteApp Template Image Library. 
Which tool should you run first? 


A. Disk2VHD 
B. System Preparation Tool 
C. Application Compatibility Toolkit 
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D. Azure Mobile Apps Software Development Kit installer. 


Answer: B 


Question: 5 


You need to publish the ProseWare premium apps. 
What should you do? 


A. Create a new storage account. 

B. Create a new RemoteApp collection by using the Quick Create option. 

C. Create a new RemoteAppcollection and assign the collection to an existing Azure virtual network. 
D. Create a new Traffic Manager profile. 

E. Create and provision a new ExpressRoute circuit. 


Answer: C 


Explanation: 
References: 


Case Study: 3 

Blue Yonder Airline 

Overview 

Background 

Blue Yonder Airlines provides regional commercial jet services in the continental United States. The 
company also designs, manufactures, and sells custom parts for jet aircraft. The custom parts 
business is growing rapidly. Blue Yonder airlines has developed a new part that will help airlines 
comply with new safety regulations. The company has a backlog of customers that would like to 
purchase the part. 

The Sales department has 500 users and the Engineering department has 200 users. All employees 
work eight hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. 
This has resulted in missed deadlines for releasing new products to manufacturing. 

Mobile device management 

Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). 
The subscription includes the MDM Authority and Terms and Conditions components. The company 
has deployed the Network Device Enrollment service, Enterprise Certification Authority, and the 
Intune Certificate Connector. Blue Yonder Airlines has an on-premises Microsoft Exchange 
environment. 

The company will use a combination of Intune and Azure RemoteApp for Mobile Application 
Management. 

Mobile devices for employees 

Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department 
employees for use while they are outside of the company network. The company plans to deploy the 
latest iOS devices for Sales department users and Windows 10 tablet devices for Engineering 
department users. 

You configure a Sales group for Sales department users and an Engineering group for Engineering 
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department users. In Intune, you configure a computer device group for Windows 10 devices, and a 
mobile device group for iOS devices. You synchronize the Sales and Engineering groups with Azure 
Active Directory (AD). 

Network resources 

You have a network file share that is used by Engineering department users to collaborate on 
projects. The file share is configured with full control permissions. The company is concerned that 
users may be disrupted if they are suddenly denied access to the file share. 

Applications 

Inventory Management App 

Blue Yonder Airlines has developed a custom inventory management app. Sales department users 
must be able to access the app from enrolled mobile devices. The data that the app uses is 
considered confidential and must be encrypted. 

New product Sales App 

You procure a third-party app from a vendor to support new product sales. The data that the app 
uses is highly confidential. You must restrict access to the app and the app’s data to only Engineering 
department users. The app has been signed by using a Blue Airlines certificate. This certificate is not 
trusted by devices that run Windows 10. 

Product Request Program App 

The company has developed the Product Request Program app as a 32-bit Windows application. The 
application allows the company to manage the sales fulfillment process. It is also used to record 
customer requests for new parts and services. You plan to publish the Product Request Program app 
in Azure RemoteApp and configure access for users in the Engineering and Sales departments. This 
app is not compatible with the iOS platform and cannot by published by using Intune. You create a 
virtual machine in Azure that runs Windows Server 2012 R2. You install the Product Request Program 
app on the virtual machine. 

Business Requirements 

You must ensure that the Sales and Engineering teams can share documents and collaborate 
effectively. Any collaboration solution must be highly available and must be accessible from the 
internet. You must restrict access to any shared files to prevent access. 

You must restrict permissions to the Engineering file share. You must monitor access to the file share. 
You must provide users in the Sales and Engineering departments access to the following resources: 
*Corporate email 

*File Shares hosted in Microsoft SharePoint Online 

*The Product Request Program app 

Technical Requirements 

You have the following technical requirements: 

*Allow all Sales department users to enroll iOS devices for device management andenable encrypted 
notifications to the devices. 

*Employees must be able to access company resources without having to manually install certificates 
or using an out-of-band process. 

*Employees must only access corporate resources from devices that comply withthe company’s 
security policies. 

Mobile device protection policies 

*All devices must include a trusted build and must comply with Blue Yonder Airlines password 
complexity rules. 

*You must clear all corporate data from a mobile device when the number of repeated log on failures 
is more than 10. 

*All devices must be protected from data loss in the event that a device is lost or damaged. 
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*Data that is considered confidential must be encrypted on devices. 

Additional technical requirements for Engineering department users and devices 

*Users must not be challenged for credentials after they initially enroll a device in Intune. 

*Users must be able to access corporate email on enrolled Windows 10 devices. 

*Devices must be automatically updated when an update is available. You must configure the Intune 
agent to prompt for restart no more than one time during normal business hours. System restarts to 
complete update installations must occur outside of normal business hours. 

Problem Statements 

Sales and Engineering teams 

Sales and Engineering department users report that it is difficult to share documents and collaborate 
on new projects. Blue Yonder Airlines has an urgent need to improve collaboration between the 
Sales department and Engineering department. Any collaboration solution must be highly available 
and accessible from the Internet. 

Engineering department users report that Intune prompts them to restart their Windows 10 devices 
every 30 minutes when an update is available for installation. The prompts are disruptive to users. 
Security issues 

The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft 
has released a patch to address the vulnerability. The Security department has issued a service 
announcement. They request that you deploy the patch to all Windows 10 devices managed by 
Microsoft Intune. 


Question: 6 


DRAG DROP 

You need to configure the phones for the Sales department users. 

In the Intune administration portal, which three steps should you perform in sequence? To answer, 
move the appropriate actions from the list of actions to the answer area and arrange them in the 
correct order. 
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Answer Area 
Actions Sequence 


Create a certificate signing request for 
the vendor. 


Issue a Blue Yonder push notification 
certificate. 


from the vendor. 


Get push notification service certificate © 


Create a certificate signing request for 
Blue Yonder. 


Upload the Blue Yonder push notification | 
certificate to Intune. | 


Upload the vendor push notification 
certificate to Intune. 
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Answer: 
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Answer Area 


Actions Sequence 
Create a certificate signing request for Create a certificate signing request for 
the vendor. the vendor. 


Get push notification service certificate 


Issue a Blue Yonder push notification from the vendor. 


certificate. 


wr w 


Get push notification service certificate poe tis vendor push DotneNDR 


from the vendor. 


NY VY 


Create a certificate signing request for 
Blue Yonder. 


Upload the Blue Yonder push notification 
certificate to Intune. 


Upload the vendor push notification 
certificate to Intune. 


References: 
https://docs.microsoft.com/en-us/intune/deploy-use/set-up-ios-and-mac-management-with- 


microsoft-intune 


Question: 7 


DRAG DROP 

You need to configure the mobile devices for the Engineering department users. 

In the Microsoft Intune administration portal, which four actions should you perform in sequence? To 
answer, move the appropriate actions from the list of actions to the answer area and arrange them in 
the correct order. 
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Answer Area 


Actions Sequence 


Create a Trusted Certificate Profile for 
Windows 8.1 and later devices. 


Export the Blue Yonder root certificate. ©) 


| Deploy the profiles to the Engineering 
group. 


Create a Simple Certificate Enrollment 
Protocol profile for Windows 8.1 and 
later devices. 


Create a custom configuration for 
Windows 10 Desktop and Mobile and 
later devices. 


Deploy the profiles to the Users group. | 


© © 


Answer: 


https://www.certkillers.net 


Questions & Answers PDF Page 14 


Answer Area 


Actions Sequence 


Windows 8.1 and mer doa ig Export the Blue Yonder root certificate. 


d 


Create a Trusted Certificate Profile for 


Export the Blue Yonder root certificate. Windows 8.1 and later devices. 


—— — 


Create a Simple Certificate Enrollment 
Deploy the profiles to the Engineering Protocol profile for Windows 8.1 and 
group. later devices. 


J | = N — 
Deploy the profiles to the Engineering 


Create a Simple Certificate Enrollment group. 
Protocol profile for Windows 8.1 and 
later devices. - 


Create a custom configuration for | 
Windows 10 Desktop and Mobile and 
later devices. | 


Deploy the profiles to the Users group. 


References: 


Question: 8 


HOTSPOT 

Overview 

You need to configure email access for the Engineering department users. 

What should you do? To answer, select the appropriate action from each list in the answer area. 
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Answer Area 


Task 


Configure the on-premises infrastructure 


Define conditions for access 


Configure conditional access 


Answer Area 


Task 


Configure the on-premises infrastructure 


Define conditions for access 


Configure conditional access 
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Actions 


Set up the Intune On-Premises 
Set up the Intune Certificate Connector 


Set up the System Center Configuration Manager Exchange Connector 
xchange Connector 


Create and deploy an app management policy 
Create and assign a configuration policy 
Create and deploy a compliance policy 


[<] 


Publish Outlook ; 
Add a group for mail-enabled mobile devices 
Configure the Exchange on-premises policy 


Answer: 


Actions 


xchange Connector 


onfigure the Exchange on-premises policy 


You need to configure access to the custom inventory app for Sales department users. 
Which action should you perform to complete each task? To answer, select the appropriate action for 


each task in the answer area. 
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Answer Area 


Task 


Publish the app in Intune. 


Create a policy with encryption settings. 


Enable installation of the encrypted app. 


Answer Area 


Task 


Publish the app in Intune. 


Create a policy with encryption settings. 


Enable installation of the encrypted app. 


References: 
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Actions 


<| 


Create a link to the app in Intune. 

Create a link to the app on the BlueYonder.com website. : 
Upload the app installation files to the BlueYonder.com website. 
Upload the app installation files to the Intune cloud storage space. 


Create a Mobile App Management policy for All Devices. 
Create a Mobile App Management polley for iOS devices. 

Create a compliance policy for All Devices and deploy it to the Sales group. 
Create a configuration policy for iOS devices and deploy it to the Sales group. 


| iis 
Notify users that the app is available in the company portal. 

Deploy the compliance policy for iOS devices to the Sales group. 
Associate the app with a Mobile App Management policy for iOS. 
Assign the Mobile App management policy for iOS to the Sales group. 


Answer: 


Actions 


Create a Mobile App Management policy for iOS devices. 


O 


ToS a ce SCS po IP DEVICES ate Ue pre 5 the Sales group. 
Create a configuration policy for iOS devices and deploy it to the Sales group. 


M 


Notify users that the app is available in the company portal. 
Deploy the compliance policy for iOS devices to the Sales group. 
Accociate a 2 = z anasoe z O 


ne DD =: Anp . ele 


anagement policy for IOS to the Sales group. 


policies-with-microsoft-intune 
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You need to configure the required security measures for the sales department mobile devices. 
What should you do? To answer, select the appropriate action from each list in the answer are 
a. Each correct answer is worth one point. 


Answer Area 
Security requirement 


Configure password requirements. 


Require a trusted build. 


Require encryption. 


https: 


Actions 


Create a configuration policy for iOS. 


Create a Terms and Conditions policy. , 
Create a Corporate Device Enrollment policy. 


[v] 


Determine whether a device is jailbroken. , 
Determine whether a device was shipped from another country/region. | 
Confirm that the device has an Apple Push Notification Certificate. | 


| M 
Configure a compliance policy that requires encryption. , 

Use a connguranon policy for iOS that enforces Dasic device requirements. 
Configure t 

| devices. 


e Terms and Conditions policy to require encryption on all 


Answer: 
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Answer Area 


Security requirement 


Configure password requirements. 


Require a trusted build. 


Require encryption. 


References: 
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Actions 


; a pew irom another country/region. 
Confirm that the device has an Apple Push Notification Certificate. 


qu Doncy 5 ðevice requirements. 
Configure the Terms and Conditions policy to require encryption on all 
evices 


microsoft-intune 
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